<?php
include './include/common.inc.php';
if($submit){
    if($action=="ajax"){
        if(!$username || !$pw || !$seccode){
            echo "请输入用户名，密码，验证码";
            exit;
        }
        $seccode=strtolower(trim($seccode));
        $seccode1 = strtolower($help->authcode($_COOKIE['seccode'],'DECODE'));
        if($seccode!=$seccode1){
            echo "验证码错误，请重新输入";
            exit;
        }
        $username=trim($username);
        $pw=md5(trim($pw));
        
        $q=$db->fetch_first("select * from member where name='{$username}' and pw='{$pw}'");
        if($q){
            $_SESSION['uid']=$q['uid'];
            $_SESSION['name']=$q['name'];
            $db->query("update member set lastip=olip,olip='{$_SERVER['REMOTE_ADDR']}' where uid = {$q['uid']}");
            
            echo 'ok';
        }else{
            echo '用户名不存在或密码错误';
        }       
        exit;
    }else{
        if(!$username || !$pw || !$seccode){
            $help->showmessage("请输入用户名，密码，验证码",-1,5);            
        }
        $seccode=strtolower(trim($seccode));
        $seccode1 = strtolower($help->authcode($_COOKIE['seccode'],'DECODE'));
        if($seccode!=$seccode1){
            $help->showmessage("验证码错误",-1,5);  
        }
        $username=trim($username);
        $pw=md5(trim($pw));
        
        $q=$db->fetch_first("select * from member where name='{$username}' and pw='{$pw}'");
        if($q){
            $_SESSION['uid']=$q['uid'];
            $_SESSION['name']=$q['name'];
            $db->query("update member set lastip=olip,olip='{$_SERVER['REMOTE_ADDR']}' where uid = {$q['uid']}");
            $help->showmessage("成功登陆",$C['SITE_URL'],5);  
        }else{
            $help->showmessage("用户名或密码错误",-1,5);  
        }       
        
    }    
}else{
    if($U['uid']){
        $help->showmessage("您已经登陆!","{$C['SITE_URL']}",3);  
    }
    $tpl->assign("title","用户登陆");
    $tpl->display("login.html");
}
